Study published by the Department for Science, Innovation and Technology finds that public sector bodies collectively work with 2,000 individual providers across a yearly total of more than 5,000 contracts

The public sector’s collective annual spend with IT managed services providers has more than doubled in the space of two years, reaching a total of £7.4bn in 2022, according to new government research.

The Department for Science, Innovation and Technology has published a new study on the landscape for UK managed services providers. Using information from public procurement data specialist Tussell, the research finds that a total of 5,349 deals were awarded to managed services providers (MSPs) by public bodies during the 2022 calendar year. This represents a significant rise on the 3,104 deals signed in 2020, and a 131% spike on the £3.2bn collective value of those engagements.

There are currently an estimated 1,999 MSPs supplying services to government, addressing areas such as cloud hosting, managed security services, or remote monitoring. There are almost 11,500 active managed services firms operating in the UK, according to the research, meaning about one in six of the overall total works with government.

About 40% of public sector providers – almost 800 firms – are classified as medium or large providers, with the remaining 1,200 characterised as SMEs or micro-businesses.

But despite this diversity of providers, £16.6bn of the £22.9bn in public-sector deals awarded between January 2020 and July 2023 – equating to 72.5% – was spent with the top 25 MSPs. This includes 10% accounted for by the number-one supplier on the list, Capgemini, which has won £2.3bn in managed-services deals since 2020.

Related content

• ‘A complete lack of control’ – how Horizon highlights the public sector’s over-reliance on outsourcers
• CCS defends Digital Marketplace closure and pledges to ‘reinstate transparency’
• Whitehall procurement chief clashes with MPs over uncontested contracts

Atos is second in the rankings with £1.4bn in spending, followed by three software firms: Bytes, Softcat, and Microsoft, on £1.3bn, £1.3bn, and £1.2bn, respectively.

These five firms account for one pound in every three spent by public bodies on managed services, the DSIT study indicates.

The government research finds that there are between 1,500 and 1,700 UK MSPs in the medium-to-large bracket – all of which will soon be required to adhere to NIS regulations, which contain a range of legal measures intended to ensure the security of the UK’s network infrastructure.

The legislation – which currently applies only to cloud providers, online marketplaces, and search engines – sets out baseline security requirement for companies in scope. If these are breached, the Information Commissioner’s Office can impose fines of up £17m on the offending firm.

Proposed updates to the law will extend the rules to cover MSPs, as well as introducing new requirements for cyber incident reporting, and giving government the power to amend the regulations more easily in future. These proposals were first made in December 2022, and are intended to be passed into law “when parliamentary time allows”.

The DSIT research was conducted on behalf of the department by Perspective Economics and glass.ai.